OpenStack / Cloud / Virtualizaton / Linux

RHEL6 – Display and Modify SELinux Modes

There are three basic commands that you can use to display and modify SELinux modes. They are as follows

getenforce

setenforce

sestatus

The first two are installed as part of the package, libselinux-utils. The sestatus is installed as part of policycoreutils.

Setenforce will enable or disable SELinux temporarily. Use 0 to disable and 1 to enable as shown below.

#setenforce 0

#setenforce 1

If you need need your change to be persistent across reboots edit /etc/selinux/config.

# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - SELinux is fully disabled.SELINUX=enforcing# SELINUXTYPE= type of policy in use. Possible values are:# targeted - Only targeted network daemons are protected.# strict - Full SELinux protection.SELINUXTYPE=targeted

Getenforce is used to query your SELinux Status as seen below

[root@vpaquin01 selinux]# getenforce Enforcing

Sestatus give you the same information as getenforce but in a bit more detail